Court Ruled that Novell is the copyright holder for UNIX

Today, the jury in the District Court of Utah trial between SCO Group and Novell issued a verdict.

Novell is very pleased with the jury’s decision confirming Novell’s ownership of the Unix copyrights, which SCO had asserted to own in its attack on Linux. Novell remains committed to promoting Linux, including by defending Linux on the intellectual property front.

This decision is good news for Novell, for Linux, and for the open source community.

Password-less Logins with OpenSSH, scp, and rsync

UPDATE: I changed ‘>’ (erase file, then write to file) to ‘>>’ (append to file). This avoids overwriting your own, or other people’s, public keys.

Setting up password-less logins is both dangerous and mighty. It allows one to authenticate to an OpenSSH server without typing in a password. Authentication rests on possession of a private key, so with the empty passphrase chosen below, anyone who can read that key file can log in as you.

Generate a Public/Private Key Pair

$> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/felipe/.ssh/id_rsa):
Enter passphrase (empty for no passphrase): <ENTER>
Enter same passphrase again: <ENTER>
Your identification has been saved in /home/felipe/.ssh/id_rsa.
Your public key has been saved in /home/felipe/.ssh/id_rsa.pub.
The key fingerprint is:
d7:79:c3:01:ce:90:71:a2:a2:3d:83:26:fb:9a:1f:5b felipe@linux.local

You will then find two files inside your ~/.ssh directory. Keep them safe, secure, and secret. The public key (the one with .pub at the end) can be widely disseminated. It represents the antonym of secrecy and privacy. The private key, however, must remain private and secret at all times.

Copy the PUBLIC key to a remote OpenSSH server

You must copy your public key to a remote host. The host will verify that you own the private key by encrypting a “challenge” and forcing your ssh client to decrypt it. If successful, you are authenticated, and admitted entrance. A password isn’t required.

$> cat /home/felipe/.ssh/id_rsa.pub | ssh felipe@remote-host.com \
"cat - >> .ssh/authorized_keys"
felipe@remote-host.com's password: <PASSWORD>

This appends your public key to the authorized_keys file (NB: authorized_keys2 is deprecated and no longer recommended for use. OpenSSH checks both).

Testing Phase

‘logout’ or ‘exit’ and try:

$> ssh felipe@remote-host.com

It should not ask you for a password. You should automatically be logged into the remote system.

Works with scp and rsync too!

‘scp’ and ‘rsync’ both use an ssh client at the backend, and so will also authenticate automatically utilising your public and private key pair. Try:

$> scp file_a felipe@remote-host.com:file_b

This should transfer without pausing to ask for your password. Likewise try:

$> rsync -r /backups/2010/Jan felipe@remote-host.com:/backups/2010

This should back up your entire directory to remote-host.com without pausing to ask for a password. You can put a line similar to this one in a shell script, and run it with cron once a week or so. It will automatically back up your system using OpenSSH, a proven, secure and safe method for authenticating humans and machines across an untrusted public network, away from curious eyes.
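The append step under “Copy the PUBLIC key to a remote OpenSSH server” and the unattended cron use described above, as an added example that is not part of the original post: a shell function, meant to be run on the remote host, that appends a public key only once, sets the permissions sshd expects, refuses a private key file, and can prefix authorized_keys options to confine a passphrase-less key. The function name install_pubkey, its arguments and the address 192.0.2.10 are assumptions made for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# install_pubkey PUBKEY_FILE SSH_DIR [OPTIONS]
#   OPTIONS: optional authorized_keys option string, for example
#   'restrict,from="192.0.2.10"' (constructed documentation address).
# The body runs in a subshell, so umask and exit do not affect the caller.
install_pubkey() (
    pub=$1; dir=$2; opts=${3:-}
    auth="$dir/authorized_keys"

    # Use the first line only and refuse anything that is not a public key,
    # which catches sending id_rsa instead of id_rsa.pub.
    line=$(head -n 1 "$pub") || exit 1
    case $line in
        *"PRIVATE KEY"*) echo "refusing: $pub is a private key" >&2; exit 2 ;;
        "ssh-rsa "*|"ssh-ed25519 "*|ecdsa-sha2-*" "*) ;;
        *) echo "refusing: $pub is not a public key line" >&2; exit 2 ;;
    esac
    blob=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$blob" ] || exit 2

    # With StrictModes, sshd rejects keys kept in files or directories
    # that other users can write to.
    umask 077
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1

    # Match on the base64 key blob, so a different comment or option prefix
    # does not produce a duplicate entry. An existing entry is left as it is.
    if grep -qF -- "$blob" "$auth"; then exit 0; fi

    # Append (>>), never overwrite (>), so other keys survive.
    printf '%s\n' "${opts:+$opts }$line" >> "$auth"
)
```

For a key used only by a cron job, pass an option string as the third argument so that a copied private key is accepted only from the named host and without a terminal or forwarding.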

Software RAID-5 on GNU/Linux Using mdadm In 6 Easy Steps

For this setup, I used four 320GB SATA 300 hard drives. This array is not configured for booting, just for redundant storage. My four drives are:

  • sdb
  • sdc
  • sdd
  • sde

1.  Ensure all partitions on the drives are erased

There are a few ways to do this. I just overwrite the first million bytes with zeroes.

$> dd if=/dev/zero of=/dev/sdb bs=1M count=1

Another way to do it is with fdisk, like this:

$> fdisk /dev/sdc
d (deletes a partition by its number)
1 (partition number)
w (writes changes to the disk and exits fdisk)

For best results, one should remove all partitions from all the RAID members.

2.  After all partitions have been erased from all members, we must create RAID partitions.

We can use fdisk again, like this:

$> fdisk /dev/sdd
n (this makes new partition)
p (primary (not extended))
1 (number 1)
start: <press enter>
end: <press enter>
t (selects partition type)
fd (0xFD is the symbol for Linux RAID partition)
w (writes changes to disk and exits fdisk)

Repeat this process for all your RAID members. Do not format these disks. We will first build the array, then format the array.

3.  Tell mdadm to create an array with 4 members

$> mdadm --create --level=5 --metadata=1.2 --raid-devices=4 \
 /dev/md0 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1

  • --create creates the array from the available members
  • --level selects the RAID level (we want RAID5, but 0, 1, 10, 5, 6 are available)
  • --metadata=1.2 ensures we have the most robust and up-to-date RAID system
  • --raid-devices selects 4 devices for our array. We could have done 3 devices, and one spare. A spare will automatically rebuild if any live members fail or die.
  • /dev/md0 is the array
  • sdb1, sdc1, sdd1, sde1 are the partitions that will be a part of this array

Now that you’ve created it, you don’t need to assemble it. In case you need to, however, this is how you can do it.

$> mdadm --assemble <ARRAY> <DEVICES> ...
$> mdadm --assemble /dev/md0 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1

4.  mdadm is now creating and initialising the drives.

You can check progress with

$> cat /proc/mdstat

It is a good practice to check your array every now and again. See a detailed report with:

$> mdadm -vD /dev/md0

This produces a --verbose --detail report of your array /dev/md0.

5.  Partition and Format the Array

You can partition the array with your favourite program. Don’t partition the drives! Partition the array /dev/md0! I use fdisk:

$> fdisk /dev/md0
n (new partition)
1 (number)
start: <press enter>
end: <press enter>
w (write changes to disk and exit fdisk)

Next you format the partition with your favourite filesystem. I like ext3. My distribution ships with a shortcut program called mkfs.ext3. You may require mke2fs, which by default creates an ext2 filesystem. Add option -j to create a journaling ext3 filesystem. Type man mke2fs for more information.

$> mkfs.ext3 -v -L ADD-A-LABEL /dev/md0p1

Where ‘p1’ is the first partition on the array. The array may still show ‘rebuilding’ but it is usable. It will not be fully redundant, however, until rebuilding status shows 100%.

6.  Create or Edit /etc/mdadm/mdadm.conf and /etc/fstab

It should read something like this:

#/etc/mdadm/mdadm.conf
DEVICE /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1
CREATE owner=root group=disk mode=0660 auto=yes
MAILADDR root
#MAILADDR xxxxx@domain.com
ARRAY /dev/md0 metadata=1.2 num-devices=4 devices=/dev/sdb1,/dev/sdc1,/dev/sdd1,/dev/sde1

Your /etc/fstab should include a line similar to:

#/etc/fstab
# automount /dev/md0 raid partition
/dev/md0p1  /mnt/mountpoint  ext3  rw,user  0 0

My /etc/fstab reads:

/dev/md0p1 /media/leopard ext3 rw,user,noacl,noatime,nodiratime,noauto 0 2

noacl,nodiratime,noatime should improve performance of ext3. noauto prevents the filesystem from being mounted automatically, just in case (I’m paranoid). The ‘2’ at the end makes fsck scan the drive after 31 or so mounts. See man mount for more options.

Update: There is another terrific guide explaining how to modify and grow a RAID1 array with 2 (or more) disks to a RAID5 array.
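The periodic check recommended in step 4, as an added example that is not part of the original post: a shell function that reads /proc/mdstat-style text and reports every array running without full redundancy, together with its rebuild progress. The names md_degraded and sample_mdstat and the sample status text are constructed for this example.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# md_degraded [FILE]
#   Prints "ARRAY [defined/active] [member map] progress" for each array
#   with a missing member. Returns 1 if any array is degraded, else 0.
md_degraded() {
    awk '
        function report() {
            if (name != "" && index(st, "_")) {
                print name, st, (prog != "" ? prog : "no-rebuild-running")
                bad = 1
            }
        }
        # Array header, e.g. "md0 : active raid5 sde1[4] sdd1[2] ..."
        /^md[0-9]+ :/ { report(); name = $1; st = ""; prog = "" }
        # Member map, e.g. "[4/3] [UUU_]"; "_" marks a missing member.
        match($0, /\[[0-9]+\/[0-9]+\] \[[U_]+\]/) {
            st = substr($0, RSTART, RLENGTH)
        }
        # Progress line, present only while a rebuild or resync is running.
        match($0, /(recovery|resync) = *[0-9.]+%/) {
            prog = substr($0, RSTART, RLENGTH); gsub(/ /, "", prog)
        }
        END { report(); exit bad + 0 }
    ' "${1:-/proc/mdstat}"
}

# Constructed sample: md0 is still rebuilding one member, md1 is healthy.
sample_mdstat() {
    cat <<'EOF'
Personalities : [raid6] [raid5] [raid4] [raid1]
md0 : active raid5 sde1[4] sdd1[2] sdc1[1] sdb1[0]
      937306176 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [UUU_]
      [==>..................]  recovery = 12.6% (39447040/312435392) finish=68.1min speed=66754K/sec

md1 : active raid1 sdg1[1] sdf1[0]
      1048512 blocks super 1.2 [2/2] [UU]

unused devices: <none>
EOF
}
```

Run it as `sample_mdstat | md_degraded -` to see the report for the sample, or with no argument to read the live /proc/mdstat. mdadm's own monitor mode uses the MAILADDR line from the mdadm.conf in step 6 to send alerts.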

No More Promises

I will never buy a RAID Controller card from Promise again! They claimed to support GNU/Linux, and they don’t. They said they didn’t have drivers for Windows 7, and then suddenly they magically appear on their Downloads page. We weren’t even notified.

I’m going to go with mdadm and try my luck with software RAID on Mint. If I must buy another card, for whatever reason (namely software RAID is much too slow, and hardware RAID will offload the work to the card itself) I’ll go with Adaptec.

OGG Vorbis vs. MP3

I just ripped some of my CD’s to MP3, but I was just curious what OGG would do for me. I had never actually compared the two encoding formats, side-by-side, but today, I was simply stunned.

A song compressed with MP3 (VBR 128Kbps Normal Quality) was around 5.1 – 5.8 MB. It sounded good, but ‘clearly’ inferior to the actual CD Quality sound.

The OGG rip (VBR 128Kbps), on the other hand knocked my socks off! It was around 3.0 – 3.1 MB and sounded ‘nearly’ as good as the original CD!

I hesitated, at first, to rip them all to MP3, in case I wanted to share them (!gasp!) with others. However, now that I can see a 17% – 20% compression gain using OGG over MP3, I no longer feel that way. I wholeheartedly endorse the use of OGG Vorbis for ALL lossy compression.

Most [good] audio/multimedia players already support OGG (except, MS programs, obviously!) so you should have no problem listening to them.

If you have a portable media player (PMP) without native OGG support there are two options

  1. Contact the manufacturer and demand (request?) that they support OGG in future versions of their players
  2. Ask them to create a firmware update to include OGG support on currently supported players
  3. Install Rockbox: a Linux-based GNU open-source free software suite which allows many major PMP’s to play a huge variety of free and proprietary (i.e. non-free, patented, or otherwise ‘encumbered’) formats, such as OGG. It also allows you to play a wide variety of video formats. It includes a bunch of interesting features such as backlight dimming, battery-saving features, audio enhancement features, and plenty of games (plays DOOM too!)

UTF-8 characters in FreeNAS with rsync and cygwin and Windows

I’ve been having some problems with charsets (character sets) when using FreeNAS, rsync, deltacopy, and cygwin.

The filenames on a Windows box are either in UTF-8 or ISO-8859-1 (Latin1). The FreeNAS uses rsync to back up the files on the Windows box, and saves them to a RAID array. I wasn’t sure if it was rsync, or FreeNAS causing the problem, but all characters with more than 7 significant bits (8 or more) were being “escaped” such as \#303 instead of Ñ.

I found the solution by using the “-8” flag in rsync. Also, I overwrote the cygwin.dll file supplied by DeltaCopy with a UTF-8-modified cygwin.dll, restarted DeltaCopy, and the filenames appeared correctly and in UTF-8 (instead of ISO8859-1).

As always, remember to BACKUP before journeying on with this! Good Luck!

openSUSE 11.2 Disappointing

I must say I found openSUSE 11.2 to be a major disappointment. I’ve come to expect better, much better, from Novell. If it weren’t for the stability issues with KDE and relatively poor netbook support this distribution would have been a keeper for me. There really is a lot to like. Perhaps the results will be different for people with different hardware. For me, though, openSUSE 11.2 just doesn’t compare favorably to the other major distributions and I can’t recommend it at this time.


Googleblog homing in on security

As part of National Cyber-security Awareness Month, Googleblog posts some important tips regarding password security.

Creating a new password is often one of the first recommendations you hear when trouble occurs. Even a great password can’t keep you from being scammed, but setting one that’s memorable for you and that’s hard for others to guess is a smart security practice since weak passwords can be easily guessed. Below are a few common problems we’ve seen in the past and suggestions for making your passwords stronger. — Choosing a smart password.